May 25, 2018 came and went, leaving many companies unprepared for the level of compliance that the General Data Protection Regulation (GDPR) requires. Even with four years’ notice, IT technologists responsible for business resilience strategies are still struggling to add new sophistications to the list of data protection goals. Syncsort’s 2018 State of Resilience Report shows that security and data privacy concerns are top of mind for most IT departments, especially as they adopt cloud platforms to gather, store and analyse data, says David Hodgson, chief product officer, Syncsort.
The long arm of the law
According to the GDPR authors, “the processing of personal data should be designed to serve mankind.” GDPR builds on and replaces the earlier data protection directive 95/46/EC and was primarily designed to unify and standardise data privacy laws across Europe. But it raises the data privacy bar both for organisations inside the region and for those outside it wishing to do business with EU countries.
Bottom line: it would behoove any company, anywhere, to reconsider its data management practices in the light of GDPR. Do you know what data you have, about whom, and how it is used by you or shared with others? Is it properly secured against theft? The same survey, with nearly 6,000 global respondents, found that most companies are still grappling with these issues.
Putting the individual back in charge
GDPR ensures an individual’s right to know that a company is keeping personal data on them and what that data is, the right to inspect and correct it and, most significantly, the right to have it removed, or the right to be forgotten.
The new approach starts with the right of consent. Many individuals have experienced this personally with companies sending emails to confirm approval to keep personal data. Certainly, as much as data is the fuel for many new business models, data is now also the new banana-skin that may cause a few slip-ups.
The first step is to clearly track what data you have, about whom and to confirm consent. A key part of this is unifying your view of an individual across different systems, databases and data sources. Is David Hodgson the same as David M Hodgson or are these two different people? To achieve this visibility, ensure you have the proper tools that can deliver and maintain data integrity.
Data quality tools that can both identify personal data and help keep it accurate, clean and de-duped are all essential to achieve compliance. Equally important is the ability to maintain an audit trail of who has accessed personal data. However, these requirements are only made harder in the realms of big data and streaming data.
What is personal data and how can it be used safely?
The spread of data gathering practices that routinely individualise our online experiences has underpinned the Digital Revolution, but it has also driven the concerns that have led to GDPR.
Article 4(1) of the GDPR defines Personally Identifiable Information (PII) as data that identifies, describes, or is unique to an individual. This includes the obvious – name, age, and social […]
The post Resistance is futile – Protecting your company from non-compliance with data protection regulations appeared first on IoT Now – How to run an IoT enabled business.